Hack-proof website, why not?

Started by October 23, 2015 06:08 PM
93 comments, last by ronan.thibaudau 8 years, 11 months ago


but it's pretty damn unhackable...

I might steal your plate and fork it... :lol:

So what are you actually going to, you know, do with this 'unhackable' server that doesn't store anything or make any kind of backups?

I have a plate sitting here on the table beside me. Bet you can't hack that! Not really sure what use it might be for a web server, but it's pretty damn unhackable...

I didn't say it "stores nothing", nor that it doesn't "make backups", I said I don't need to secure what it makes, only how it makes it, as that is what has value: exe = valuable, data generated by it = hardly any value, so it can transit on the net without risk. It's much like cash, you don't care much if $20 gets stolen, but you certainly want to protect the money printing machine; here I protect the printing machine, not the bills.


What does your .exe generate, then? If someone manages to record a bunch of the data generated, odds are they'd be able to reverse engineer the program. Similar to how people can forge really convincing fake money after studying the money's security techniques.

I wouldn't mind, it's not generating anything "secret", so being able to generate the same data isn't the same as in the case of bills. It's something that took time to develop, so I want to protect it, but reverse engineering it from the data on disk (that doesn't include the intermediate data in RAM next to the exe) is no easier than figuring it all out yourself, so there's no added value to "hacking" anything. You're just making your life more complex: you don't need to hack anything, you can just pay for the service once and see both the input and output, but both are very far from each other and not any easier to link than figuring it out on paper without going through the service.

I'm not quite ready to announce the service yet, but basically it's a 3D reconstruction service: input is 100s of photos, output is a textured 3D model. What I want to protect is "how do I do it", but mostly "how do I do it fast"; seeing the input and output doesn't help with that.

Well, usually data is more valuable than the processes used to churn it.

The process might be a trade secret of the company, especially the implementation of that process (process might be dictated by regulation, how to efficiently implement that process might be an advantage among competitors)...

The data most certainly is more critical. Customer data has to be protected above all else; if this leaks, you can close shop pretty soon. Your annual performance data might be important to protect both from having competitors snooping through it, getting valuable insights into where you spend at the moment and entering the market before you thanks to that information, and to prevent anyone from using that data to influence the market, which has all kinds of regulatory fallout.

Now, if this also affects your webserver IDK. What does it do exactly? What kind of customers do what exactly on it? Because THAT will be the important information to decide if your statement of the process being more valuable than data is actually true.

Are we talking about games? What makes you think that your game can exist for long when the game code is unhackable (thus cheats and private servers are not possible), but customer data gets stolen and hacked, and soon all your players will leave because they lose their accounts to hackers on a weekly basis?

Now, you might argue that not all data is created equal, which is true. But you just contradicted your bold statement up there that process > data.

For games (and many other businesses), the process and its implementation are trade secrets that are valuable enough to go to great lengths to protect. And yes, THIS part can be protected more easily than others, as it normally runs in the closed, controlled environment of the server (so as long as nobody gets onto the server, that part is safe).

But a lot of the data, more than you might think, is just as important or even more important to protect. Because losing it might mean losing a customer, getting in a position where you could be sued, losing trade secrets in the form of data, or, worst of all, opening up attack vectors on your other valuable assets... you know, the process and its implementation.

Then I would still challenge you on offering a solution on how to make a server that needs to be connected to any kind of network proof against a hacker gaining access. The air gapping you talk about only works so far, at some point you will need to connect the secured system to the non-secure network. No matter what you do, as long as anyone needs to access anything on the secured system, this system can become compromised.

What is your solution to that? And is it a solution that makes the system theoretically almost impossible to hack, but at the same time almost impossible to get any use out of?

My external HD that stores important data, which I disconnected from any system and store in a safe nobody has access to, is pretty darn unhackable. But how useful is it still to me, when nobody can access the data without going to a lot of lengths to get the data from the safe (that nobody has access to)? How long will it take for stale data like that to become virtually worthless? 1 year? 1 month? In today's time, data becomes stale and worthless at an alarming rate, so apart from regulatory archives and historical data this process is pretty darn stupid.

My post just before yours actually answers most of that, but I'll go bit by bit:

No, here data is of little value; the process to generate it is what has value (as the ability to generate the output from the input is what we "sell").

We don't really store "customer data"; what can be hacked (not on our system, but outside as it transits on the net) are actual 3D models generated from sets of pictures of a given person, and those are pretty much uninteresting except for the given person.

No one directly connects to the web server; there is no authentication / rights / anything, so you can't somehow log in as there's no login process to begin with, and you can't get elevated rights to use a risky command as there is no risky command. Commands are pretty much sendbunchofpictures and downloadmodel (the download link is generated per model and emailed to the address provided in sendbunchofpictures, pretty much impossible to guess as it's a 2000 character URL segment generated by a crypto level RNG, which is overkill since once again it's not risky data; it's just better to protect it as well as I can, but it's not what I claim to be able to protect, only the exe is critical for me).

No we're not talking about games at all.

The data in this context is unlikely to mean losing a customer; we don't have any "big" customers but mostly 1 time customers, and no one is really interested in their data (if you could manage to somehow guess a URL of length 2 000, you'd end up with one model of one person without any way to know who it is, which doesn't seem very risky...)

There's no air gapping; those were discussions on the topic of security, but what you quoted was for my use case, and in my use case the server is connected to the internet.

I'm saying that the part I want to protect (the exe in RAM) is safe. Of course there's no way to secure what comes in and out, but the data that comes in and out is "not" critical; it's important, but it's semi public, like Dropbox public links for example: if someone shares his link he shares his data, that's about it, and that issue is not on my side.

Then why don't you let customers connect to a forwarding proxy in the DMZ like everybody else does? Have your super secret sauce only talk to one particular machine (the one in the DMZ) via exactly one precisely defined protocol, block everything on the firewall without exception, and lock it in a room so nobody has physical access to it.

That makes the whole "unhackable" thing a bit superfluous. Let them hack "the server" if they want. All they'll control is a proxy, which isn't worth a lot.

I see... missed that post. Most of your comments now make more sense, but:

1. You do recognize you have a pretty unique and basic service here? Most webshops, e-banking, whatnot will not be able to cut their service so much to the barebones service you provide.

2. Even if you do not have big clients, returning clients or store user data at the moment, are you sure you will not need it in the future? How long can you keep business afloat without returning customers? Even if it keeps afloat, how can you grow it without big clients (which WILL mean you need to keep client data somewhere as they might want 24/7 access with their own users)?

3. You really want to challenge a hacker to "guess" a URL of "only" 2000 characters length? I am sure someone will pick up the challenge. Does the model output, or worse, the image input have any value to you? No, but they will to your customer. These might be his images using his copyrighted something, and he paid for the model. If somebody is able to steal these things, the rightful owner might still be able to sue them, sure. But that way things might get public that shouldn't have, and you might be the one sued.

4. The process you think so valuable certainly is your business' most valuable asset... but it sounds pretty run of the mill nowadays. Photometry has been done before. You might have a clever implementation there; I would still invest into making sure you also protect your clients and not only your own assets.

Look, I am sure you did your homework, and I am pretty sure this use case is not a prime target for hackers. But the way you treat risk to your customers' assets like it will not affect your business, or worse, treat risk like it will not happen because it seems not very likely to occur, sounds wrong to me, no matter the business.

In the end, if people don't TRUST your business, they will not only not return. They might not even use it once...

Add to that the fact that, as long as what you are offering is photometry, your target audience is pretty small, and most probably WILL come from a professional background. It is unlikely that grandma will want her china collection virtualized in 2016, so you most probably will have to deal with a small group of architects, game devs and movie FX people that need stuff scanned but cannot pay for other services or their own 3D scanning devices. They might not be bankers, or governments asking for max security, but if they feel their assets are not protected enough they will likely look for a different service...

Granted, I don't know the specifics of your service, and I also cannot accurately gauge risks to your site or your customers' data. If you wanted to say that basically you will have to live with a certain risk that gets too expensive to mitigate, and can only protect your customers to a certain degree, I would agree 100%. A business needs to make money, and putting more than that into even achieving 99% security is killing the business... but awareness that the perfect storm CAN happen and at least having a plan for it goes a long way to dealing with the situation in the unlikely event that it happens.

TL;DR... what does this have to do with your claim of "unhackable server" when we assume your Process IS hacksafe?

Well, what is the point of having a hacksafe service when inputs and outputs are still hackable targets? In the end, your service is still hackable, and that there is a part that is unhackable will not make a difference in other people's minds... your service got compromised, somebody's data got stolen, your service is not trustworthy. This should and will matter to you.

1) Yes, which is why there are 2 discussions in parallel: my use case, which is pretty easy to secure, and the generic website use case, which I still believe is possible but is definitely not quite as simple nor black and white.

2) It's not a typical business model at all; basically none of those customers are mine to begin with, but I don't want to enter into details here. For simplicity's sake, just assume it's the type of 1 time end user purchase where there's pretty much no hope of making a second purchase and that works on the volume of people ordering. A quite silly example would be purchasing a casket for your funeral: you're unlikely to buy another one. OK, it's not the same here, but it's very likely around 1% of our customers at most would be returning customers, and probably 1% of that 1% would return more than once.

3) You can't really "guess" it except by brute force, and there's no value in it anyway; basically it would take a LOT of effort to get ONE URL right and all you'd get is a model of someone (you don't know who) out of a million. There's nothing wrong with that, Dropbox URLs are much shorter than 2000 characters long and are widely used. Once again, this is not customer bank account details it gives you access to, it gives you something that is "really" not sensitive. And I still do my best to secure it, but it's NOT possible to secure what goes on the net (data you transmit) and it's NOT my business to do it (I can't secure end user email accounts that are out of my control, or the routers of their ISPs); my job is only to try and keep their data private within the limits of my network, and doing that by sending them a URL with 64 to the power 2000 possible combinations seems... fairly safe. But once again this is for argument's sake, it is NOT the part I claim can be fully secured, I'm just answering since you bring it up. For comparison (the filename aside), Dropbox's randomly generated size is 15 characters when you create a link to share, and a link to share is exactly what we send to the customer, except 64 pow 2000 is quite a bit more than 64 (or 255 or whatever they use) pow 15.

4) What we do hasn't been done before, but as I said I'm not ready to announce it yet. It is sufficiently different to be very valuable and it's not simply photogrammetry; if you're that curious PM me, I won't say much more but the little more I'll say will help understand why there's value to protect.

You misunderstand how I treat my customer assets: I secure them the best I can, but just like any business I put "more" work on the critical parts that are securable than on the public part that by definition can't be fully secured.
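The link-token question argued over in this thread (a 2000-character URL segment from a crypto RNG versus a 15-character Dropbox-style link), as an added Python example that is not code from the thread or from the service the OP describes. It puts entropy numbers on both lengths and shows two defender-side measures the thread leaves out: keeping only a hash of the token server-side and expiring it, so that neither a leaked lookup table nor an old e-mail hands out a working link. ModelLinkStore, its TTL and the 1e9 guesses/s rate are assumptions.

```python
import hashlib
import math
import secrets
from typing import Dict, Optional, Tuple

# URL-safe base64 alphabet (A-Z, a-z, 0-9, '-', '_'): 64 symbols, 6 bits each.
URL_SAFE_ALPHABET = 64
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def token_entropy_bits(length: int, alphabet: int = URL_SAFE_ALPHABET) -> float:
    """Entropy of a uniformly random token of `length` symbols: log2(alphabet ** length)."""
    return length * math.log2(alphabet)


def log2_expected_years_to_guess(bits: float, guesses_per_second: float) -> float:
    """log2 of the expected years an online brute-force guesser needs to hit one
    specific token, assuming half the keyspace must be tried on average.
    Returned as a log2 because 2 ** 12000 does not fit in a float."""
    return (bits - 1) - math.log2(guesses_per_second) - math.log2(SECONDS_PER_YEAR)


def compare_link_lengths() -> Dict[str, float]:
    """Entropy of the three token lengths the thread argues about."""
    return {
        "dropbox_style_15_chars": token_entropy_bits(15),
        # 32 random bytes -> 43 URL-safe characters (base64 without padding)
        "token_urlsafe_32_bytes": token_entropy_bits(len(secrets.token_urlsafe(32))),
        "thread_2000_chars": token_entropy_bits(2000),
    }


class ModelLinkStore:
    """Hypothetical server-side table behind the 'downloadmodel' links.

    Only the SHA-256 of each token is kept, so a copy of this table (leaked
    database, backup, log line) yields no working links; the token itself
    exists only in the e-mail sent to the customer.  Links also expire, which
    caps how long a forwarded or leaked link stays useful.  Both measures are
    assumptions added here, not part of the service described in the thread.
    """

    def __init__(self, ttl_seconds: int) -> None:
        self._ttl = ttl_seconds
        # digest -> (model_id, expires_at)
        self._links: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, model_id: str, now: float, nbytes: int = 32) -> str:
        """Mint a fresh link token for `model_id` from the OS CSPRNG.

        32 random bytes give 256 bits of entropy: a 2000-character segment adds
        nothing against guessing beyond what these 43 characters provide."""
        token = secrets.token_urlsafe(nbytes)
        self._links[self._digest(token)] = (model_id, now + self._ttl)
        return token

    def redeem(self, token: str, now: float) -> Optional[str]:
        """Return the model id for a valid, unexpired token, otherwise None."""
        digest = self._digest(token)
        entry = self._links.get(digest)
        if entry is None:
            return None
        model_id, expires_at = entry
        if now > expires_at:
            del self._links[digest]  # expired links are forgotten, not re-checked
            return None
        return model_id


if __name__ == "__main__":
    for name, bits in compare_link_lengths().items():
        years = log2_expected_years_to_guess(bits, 1e9)
        print(f"{name}: {bits:.0f} bits, ~2^{years:.1f} years at 1e9 guesses/s")
    store = ModelLinkStore(ttl_seconds=7 * 24 * 3600)
    link = store.issue("model-0001", now=0.0)
    print("redeem after 1 minute:", store.redeem(link, now=60.0))
    print("redeem after 8 days:", store.redeem(link, now=8 * 24 * 3600.0))
```

A 43-character token already carries 256 bits; the remaining 1957 characters buy nothing against guessing, and a URL that long runs into the length limits some older clients and servers enforce, so the practical risk for such links is leakage (mail forwarding, logs, referrers), which hashing and expiry address and length does not.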

A hack proof website is one which is only static html pages, with no processing on the server side...

The website itself couldn't ever be hacked then, but the server software or OS could be; this is a different kettle of fish. You can mitigate this by unloading every CGI-like module and unused feature from your web server software, and only running the web server software and no other daemon at all.

And yes, there are tons of useful html only websites even in 2015...
